This report provides a comprehensive IT risk assessment for small IT companies. It covers the assets, threats, vulnerabilities, and consequences that arise from the use of open access to servers and systems, along with their impact on the IT company's architecture. Mitigation of risks and recommendations are also provided.
Running Head: IT-PORTFOLIO

IT-portfolio Report
Student name
Table of Contents

Executive Summary
Introduction
Risk Assessment Process
Assets, Threats, Vulnerabilities, and Consequences
Mitigation of Risks and Recommendations
Summary
Conclusion
References
Executive Summary

Small businesses have low budgets for their security systems, yet they need those systems to secure their assets from different attacks. In the given scenario, the IT company should have its own security system, which provides security for its hardware, software, and projects. Written by a consultant for a small IT company, this report is submitted to the senior administration. It is based on the assets, threats, vulnerabilities, and consequences that originate from the use of open access to servers and systems, along with their impact on the IT company's architecture (Humphreys, 2008). Servers are popular for fundamental business functions, especially in small IT companies. They play a key role in the overall growth of the small IT company's organization, productivity, and management of operations. Servers have many advantages, but they carry disadvantages as well. Therefore, senior management is required to follow rules and regulations when performing certain tasks, to secure the use of server facilities. This report discusses issues with servers and the internet and provides recommendations for the IT company to resolve risks before they occur in its system.
Introduction

All businesses face different risks, and risk is a natural part of business. If these risks are ignored, they can spread like weeds. However, if risk is managed in an effective manner, losses can be avoided and benefits obtained. Prepared by an IT Risk Assessment Consultant for the small IT company, this comprehensive report is based on the risks associated with the IT company (Andrijcic & Horowitz, 2016). It provides suggestions to higher management as well as to business stakeholders and technologists, and it helps them take decisions based on the risk assessment of the small IT company. The main objective of this report is to establish the assets, threats, vulnerabilities, and consequences that are associated with servers. It also provides a risk mitigation plan that adheres to business standards (ACSC, 2017).

This report presents an evaluation of the project management of the small IT company. It uncovers potential threats, assets, consequences, and vulnerabilities, both internal and external, that obstruct the availability, confidentiality, reliability, and integrity of data for the IT company. The report explains the data policies and access standards that comply with security. Servers provide different services that employees need for their work. Our company has different servers for many services, such as a Windows Active Directory server. Risks can be avoided if there is proper security and arrangement in the system, such as firewalls used to stop unauthorized access, viruses, Trojans, and many other kinds of malware.

Risk Assessment Process

The risk management process helps to find the potential risks that prevail with servers for IT companies. It provides recommendations to reduce upcoming risks for the company, and it helps to save cost, stress, time, and effort. Risk management provides appropriate ways to legalize the assets and to protect the data and information of the software company. The risk management cycle is used for this assessment project (Heiser & Nicolett, 2008).
The risk management process includes five major activities, as mentioned below:

1. Risk identification: Risks can be identified from the servers. Threats can be observed from different aspects. It is a basic requirement for any company to assess the threats and resolve them (Bhagat, 2012).
2. Assess and analyse risk: After the risks and threats are identified, they can be examined and analysed. All the risks are categorised according to their severity. This process covers different aspects and assigns a rating to the risks. The analysis of risk provides the defensive action.
3. Action plan for risks: In this activity, risk management considers the analysis of risks. Mitigation of risks can be planned, which enhances the security of the company. The system uses a risk mitigation strategy against the risks.
4. Implementation of action plan: The action plan is implemented in this step. Risks such as cyber-attacks can be reduced through the implementation of cyber security algorithms.
5. Monitor, measure and control: This process has three activities: measuring the risk, controlling the risk, and monitoring the system. The system measures the risk and controls it through different action plans. System monitoring observes risks in the system.

Assets, Threats, Vulnerabilities, and Consequences

1. Intellectual property loss: Theft of intellectual property (IP) is a crime, as servers hold much sensitive information as well as confidential company data. Most IT companies keep their confidential data on different servers, which are accessible through the internet. Cloud services are completely subject to laws and policies (Humphreys, 2008).
2. Disturbing administrative operations: It is common for employees to store their data on the server and to have access to the server for different work purposes. Some companies allow their employees to bring their own devices, which creates a state of uncertainty. Cloud computing services provide different levels that give administrative powers to a few responsible persons (Mather, Kumaraswamy, & Latif, 2009).
3. Unauthorized access to the server: Servers cannot track all of the users' activities, and this is a huge risk for the company. Therefore, anyone can make changes and there is no record of that activity (Kassa, 2017). The company does not have firewalls. This provides a huge platform for malicious infections to steal data and damage hardware, which is not good for the company.
4. Losing confidentiality: Data breaches reduce the trust and confidentiality of the clients. The company holds information about different clients on its server. If such information is stolen, it breaks the clients' trust and causes loss of business for the IT company (Sanchez, 2010).
5. Network disruption: The network is the backbone of any IT company nowadays. The internet provides different advantages to the company, but it also has disadvantages if it is not used with security. The company does not have any restriction on websites. This invites viruses, worms, Trojans, and ransomware (Security Response Team, 2017).

Mitigation of Risks and Recommendations

In this report, mitigation of risks and recommendations are provided to reduce the threats and vulnerabilities that arise from the use of servers without firewalls. The higher management of the IT company must take them into consideration. They can also carry out these recommendations as and when needed for security purposes (Messier Jr & Austen, 2000).

1. Monitoring: The IT company has different innovative software products, and it uses different servers for software development. It is necessary for the IT company to work according to the appropriate laws, policies, rules, and regulations. Cloud computing provides better monitoring of a company's servers and network.
2. Owning of risks: If any issues arise with server services, it is mandatory that the higher administration of the IT company take charge. Hence, the company should consistently monitor the services and provide safety for the confidential information of the company.
3. Knowledge of servers: All users must have knowledge of servers and security. The management must provide a firewall to secure data and monitor the different activities of all users (Troldborg, Lemming, Binning, Tuxen, & Bjerg, 2008).
4. Usage of the servers: The management of the IT company should set up different levels of data access on the server for security purposes. Thus, risk is eliminated before it creates an issue.
5. Availability: Internet and other facilities are always there for handling different risks in the company. Senior management of the IT company must ensure that the employees are trustworthy and that internet service is available full time without any disturbance in the services.
6. Data protection: Servers must have administrative power for providing data security. The server can take a backup of all data in case a cyber-attack or malware affects the server.
7. Recovery: For continuity of the company's business, the server must have backup servers for recovery from total disasters (Patterson & Neailey, 2002).

Summary

To keep the company safe from security threats, it is necessary to use some security mechanisms.

Software update: Servers and other systems have the latest Windows and Linux operating systems with their latest patches for high security. This provides security from hackers.

Encryption techniques: The company must maintain encryption techniques for data transfer. Thus, no one can steal data in its original form (Zhang, Wuwong, Li, & Zhang, 2010).

Network monitoring: Different software products on the market provide network monitoring of the complete system, such as SolarWinds, Nagios, and many others. The IT company should use them to monitor the network and make changes if required.

Conclusion

Servers are used in IT companies, and they are a fast-growing service in the field of IT. IT companies have moved to cloud services for security purposes. Cloud services provide market value in this competitive environment. This IT risk assessment provides a report to the higher management of the IT company that portrays different threats and vulnerabilities. It provides recommendations and a summary
about the risk assessment. This risk management report will be beneficial for reducing the risks that are creating different issues for the IT company. Finally, it is concluded that the IT company must use cloud services for managing all operations of its work. It will be better for its customers as well as for the company.

References

ACSC. (2017). Australian Cyber Security Centre. Retrieved December 12, 2018, from https://www.acsc.gov.au/publications/ACSC_Threat_Report_2017.pdf

Andrijcic, E., & Horowitz, B. (2016). A Macro-Economic Framework for Evaluation of Cyber Security Risks Related to Protection of Intellectual Property. Risk Analysis, 26(4), 907-923.

Bhagat, B. (2012). Patent No. 13/016,999. U.S.

Heiser, J. N. (2008). Assessing the security risks of cloud computing. Gartner Report, 27(1), 29-52.

Heiser, J., & Nicolett, M. (2008). Assessing the security risks of cloud computing. Gartner Report, 27(1), 29-52.

Humphreys, E. (2008). Information security management standards: Compliance, governance and risk management. Information Security Technical Report, 13(4), 247-255.

Kassa, S. G. (2017). IT Asset Valuation, Risk Assessment and Control Implementation Model. Retrieved December 11, 2018, from https://www.isaca.org/Journal/archives/2017/Volume-3/Pages/it-asset-valuation-risk-assessment-and-control-implementation-model.aspx

Mather, T., Kumaraswamy, S., & Latif, S. (2009). Cloud security and privacy: An enterprise perspective on risks and compliance. Sebastopol: O'Reilly Media, Inc.

Messier Jr, W. F., & Austen, L. A. (2000). Inherent risk and control risk assessments: Evidence on the effect of pervasive and specific risk factors. Auditing: A Journal of Practice & Theory, 19(2), 119-131.

Patterson, F., & Neailey, K. (2002). A risk register database system to aid the management of project risk. International Journal of Project Management, 20(5), 365-374.

Sanchez, M. (2010). The 10 most common security threats explained. Retrieved December 12, 2018, from https://blogs.cisco.com/smallbusiness/the-10-most-common-security-threats-explained

Security Response Team. (2017). What you need to know about the WannaCry Ransomware. Retrieved 09 04, 2018, from https://www.symantec.com/blogs/threat-intelligence/wannacry-ransomware-attack

Troldborg, M., Lemming, G., Binning, P., Tuxen, N., & Bjerg, P. (2008). Risk assessment and prioritisation of contaminated sites on the catchment scale. Journal of Contaminant Hydrology, 104(1-4), 14-28.

Zhang, X., Wuwong, N., Li, H., & Zhang, X. (2010). Information security risk management framework for the cloud computing environments. In Computer and Information Technology (CIT) (pp. 1328-1334). IEEE.